PoC Exploit Released for DoS Vulnerability in OpenSSL
2020-05-05 08:59

A proof-of-concept exploit has been made public for a recently patched vulnerability in OpenSSL that can be exploited for denial-of-service attacks.

OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f are affected by a high-severity vulnerability that has been described as a segmentation fault in the SSL_check_chain function.

Security researcher Imre Rad has published a PoC exploit for the vulnerability, along with a description of the exploitation process.

CVE-2020-1967 was the first vulnerability patched in OpenSSL in 2020.

As SecurityWeek reported a few months ago, OpenSSL security has evolved since the disclosure of the Heartbleed vulnerability back in 2014.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/1_TH5Ik-Z0o/poc-exploit-released-dos-vulnerability-openssl

Related Vulnerability

DATE: 2020-04-21
CVE: CVE-2020-1967
VULNERABILITY TITLE: NULL Pointer Dereference vulnerability in multiple products
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension.
RISK: 7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Openssl 1 7 48 51 13 119